By Raj Srinivas
Companies have accelerated their move to the cloud during Covid, because the cloud gives a workforce that is largely distributed and/or working from home secure access to infrastructure from anywhere. So what should a company consider in order to migrate to the cloud safely, so that a fast move does not expose its infrastructure to hackers and other external threats? How can pain points be identified before and during the move, and fixed before attackers can exploit them?
1. Security gaps in the infrastructure: The infrastructure covers all servers and workstations along with their operating systems, application software, mail servers, other servers, and firewalls that a company plans to move to the cloud. When these assets move to the cloud, gaps can arise from incorrectly designed security groups protecting the assets, incorrect port and protocol configurations, unrestricted Internet traffic allowed to flow freely, API gateways that expose access to these cloud assets, proxy servers, misconfigured load balancers in front of some of these assets, and inaccurate firewall configurations.
Solution: Each of the servers listed above, and the cloud-side protection that covers it, needs to be considered individually when planning the move. Security experts should be involved throughout the design, verification, and validation of these cloud configurations, both during and after deployment.
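One way to verify the security-group point above is an automated audit of ingress rules. This is an added example, not code from the article or from SecureKloud: the rule layout and the sample groups are constructed stand-ins for what a provider's API returns, and the assumption that only ports 80 and 443 may be open to the whole Internet is a policy choice you would adjust to your own web tier.

```python
"""Audit cloud security-group ingress rules for unrestricted exposure.

Constructed example: the rule layout loosely mirrors a cloud provider's
security-group description but is a simplified stand-in, not a real SDK
call. Replace SAMPLE_GROUPS with rules exported from your own account.
"""
import ipaddress
from typing import Dict, List

# Assumption: only a public web tier may expose these ports to 0.0.0.0/0.
PUBLIC_OK_PORTS = {80, 443}
WIDE_RANGE = 1000  # more ports than this in one rule is worth a second look

SAMPLE_GROUPS = [  # constructed sample data
    {"id": "sg-web", "ingress": [
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 22, "to": 22, "cidr": "10.0.0.0/8"},
    ]},
    {"id": "sg-db", "ingress": [
        {"proto": "tcp", "from": 3306, "to": 3306, "cidr": "0.0.0.0/0"},
    ]},
    {"id": "sg-bastion", "ingress": [
        {"proto": "-1", "from": 0, "to": 65535, "cidr": "::/0"},
        {"proto": "tcp", "from": 1024, "to": 65535, "cidr": "203.0.113.0/24"},
    ]},
]


def is_internet_wide(cidr: str) -> bool:
    """True when the source is the whole IPv4 or IPv6 Internet (/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_group(group: Dict) -> List[str]:
    """Return human-readable findings for one security group."""
    findings = []
    for r in group["ingress"]:
        span = f"{r['proto']} {r['from']}-{r['to']} from {r['cidr']}"
        if r["proto"] == "-1":  # "all protocols" bypasses every port check
            findings.append(f"{group['id']}: all protocols allowed ({span})")
            continue
        ports = set(range(r["from"], r["to"] + 1))
        if is_internet_wide(r["cidr"]) and not ports <= PUBLIC_OK_PORTS:
            findings.append(f"{group['id']}: Internet-wide ingress on non-web port ({span})")
        elif len(ports) > WIDE_RANGE:
            findings.append(f"{group['id']}: very wide port range ({span})")
    return findings


def audit_all(groups: List[Dict] = SAMPLE_GROUPS) -> List[str]:
    """Findings across all groups, in group order; empty list means clean."""
    return [f for g in groups for f in audit_group(g)]
```

Run the audit before cut-over and again after every change to the groups; a non-empty result is the list a reviewer should sign off on.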
2. Data security compromised in transit: This addresses any movement of data between the infrastructure resources listed above, or between the cloud infrastructure and the outside world. In hybrid or multi-cloud deployments, the movement of data between the company's various cloud providers, and the exchange of data with the company's on-premises facilities, should be looked at carefully. Mismatched port numbers, incorrect settings, and expired or unauthorized certificates protecting the destination endpoints, such as web applications, mail servers, firewalls, load balancers, and proxies, often disclose invaluable business data to the outside world.
Solution: Every entry and exit point for data to and from the enterprise, whether a single-cloud or multi-cloud network, must be accounted for. All security certificates, proxy endpoints, and API endpoints must be monitored thoroughly, 24×7, to ensure that data remains protected during and after the move.
3. Unsafe data migration to cloud databases and compromised data security at rest: This concerns mainly data stored in databases. Typically, database operations in a cloud move go through a rigorous set of security audits before the data is stored in cloud databases. It is during and after the transfer to the cloud that most of the setbacks occur.
Solution: Data governance tooling, data backups, encryption, and secure data porting over a VPN or private tunnel are some of the best security practices for migrating data to databases in the cloud. Once the data reaches the cloud databases, care must be taken that any replication or Disaster Recovery (DR) database configuration follows strict security measures such as hardening, encryption, and strict access control, to prevent data loss and data leakage, so that not even a single row or column of data is lost or falls into the wrong hands.
4. Incorrect identity administration and validation: The identities and user accounts of the people who will access the cloud infrastructure must be properly validated and managed. If the user base is not identified prior to the move (this may include contractors and temporary employees), access to the infrastructure could be given to the wrong group of people, with disastrous results.
Solution: An appropriate identity verification process should be run internally before user accounts, groups, and roles are created in the cloud infrastructure, whether for the enterprise as a whole or for individual applications. This should include an audit of existing staff in each department and the cloud infrastructure and applications they need to access.
5. Compromised access control: Controlling access to resources is an ongoing process. Every month new people join the organization and others leave it. Without a proper access control plan, people who should no longer have access could still have access to systems even after leaving the organization.
Solution: A comprehensive plan should be drawn up to govern access control to cloud resources. It would involve adding or revoking access rights as these joiner and leaver changes occur. In addition, a weekly audit should be conducted to ensure that all access permissions in place grant access only to the appropriate resources.
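The weekly audit called for in points 4 and 5 can be reduced to a reconciliation of the HR roster against the cloud account list. The following is an added example, not the article's or SecureKloud's code: the roster, the account list, the review date and the 90-day staleness threshold are all constructed assumptions standing in for an HR export and a cloud IAM user listing.

```python
"""Weekly joiner/leaver access review for cloud user accounts.

Constructed example: ROSTER stands in for an HR export (employees and
contractors with an end date) and CLOUD_USERS for a cloud IAM user list
with last-activity timestamps. Feed it your own exports to get the report.
"""
from datetime import date, timedelta
from typing import Dict, List, Optional

REVIEW_DATE = date(2021, 6, 7)       # constructed "today" for the review
STALE_AFTER = timedelta(days=90)     # assumption: unused for 90 days = stale

# Who is supposed to have access, and until when (end=None means active).
ROSTER: Dict[str, Dict] = {  # constructed sample data
    "alice": {"type": "employee",   "end": None},
    "bob":   {"type": "employee",   "end": date(2021, 5, 28)},  # has left
    "carol": {"type": "contractor", "end": date(2021, 6, 30)},  # still valid
    "dave":  {"type": "contractor", "end": date(2021, 4, 15)},  # contract over
    "erin":  {"type": "employee",   "end": None},               # new joiner
}

# Who actually has a cloud account, and when it was last used.
CLOUD_USERS: List[Dict] = [  # constructed sample data
    {"user": "alice",      "last_used": date(2021, 6, 4)},
    {"user": "bob",        "last_used": date(2021, 5, 27)},
    {"user": "carol",      "last_used": date(2021, 2, 1)},
    {"user": "dave",       "last_used": date(2021, 4, 10)},
    {"user": "svc-legacy", "last_used": date(2020, 12, 1)},  # nobody owns it
]


def review_access(roster: Dict[str, Dict] = ROSTER,
                  users: List[Dict] = CLOUD_USERS,
                  today: date = REVIEW_DATE) -> Dict[str, List[str]]:
    """Classify every account; 'leavers' and 'orphans' are revoked first."""
    report: Dict[str, List[str]] = {"leavers": [], "orphans": [], "stale": [], "ok": []}
    for u in users:
        name = u["user"]
        person: Optional[Dict] = roster.get(name)
        if person is None:
            report["orphans"].append(name)        # no HR record backs this account
        elif person["end"] is not None and person["end"] < today:
            report["leavers"].append(name)        # employment or contract ended
        elif today - u["last_used"] > STALE_AFTER:
            report["stale"].append(name)          # still entitled, but unused
        else:
            report["ok"].append(name)
    # Joiners on the roster with no account yet: provision rather than improvise.
    known = {u["user"] for u in users}
    report["missing"] = [n for n, p in roster.items()
                         if n not in known and (p["end"] is None or p["end"] >= today)]
    return report
```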
6. Gaps in interoperability security between connected systems: The most vulnerable parts of a cloud deployment are the points where two systems (internal or external) need to communicate with each other. Configuration setbacks at these interoperability points can cause data leaks, especially where an internal company system meets a system external to it. That is when the results can hurt your ROI.
Solution: All port configurations, protocol configurations, and inbound and outbound traffic rules should be watertight at these intersection points, so that no data leakage can occur during or after the integration goes live. Periodic checks should be performed using monitoring tools, SIEM tools, and log files to ensure that no information has leaked to the outside through these weak points.
7. Incorrect intrusion detection: Once the cloud infrastructure is configured, an appropriate intrusion detection mechanism must be implemented. This is about detecting intruders (internal or external) scanning the network to collect data. Gaps in security and access control settings are used to attack the infrastructure's pain points, and through these, intruders can gain internal access to systems they are not authorized to use.
Solution: According to the Gartner 2021 Security and Risk Report, simulating intrusions, breaches, and attacks helps an organization improve its security posture. Internally, all systems should be checked for access control and port violations using attack simulations. Intrusion detection software logs and notifications should be checked 24×7 at the network's pain points, especially for intrusions against internal resources. Orphaned access to applications and infrastructure, and unauthorized devices connected to the cloud infrastructure, are often the pain points where intrusion occurs.
8. Infrequent vulnerability assessments: Infrastructure in the cloud is only as secure as its weakest point. Therefore, it is imperative that no gateway, proxy server, web server, application server, database, mail server, or firewall port is left vulnerable. Vulnerabilities typically appear during or after a software or hardware upgrade in the infrastructure, when incomplete security settings leave it open to external attack.
Solution: After each hardware or software upgrade to the cloud deployment, vulnerability assessment tools should be run to identify any changes in the network topology that could compromise cloud security. In addition, periodic or even daily assessments can be run (depending on how critical the enterprise's systems are) to identify vulnerable ports, injected scripts, batch files, executables, access points, gateways, and firewall rules.
Following the solutions above can help any company ensure that its transformation to cloud infrastructure is secure. Compromises can be minimized through continuous monitoring, assessments, and intrusion detection. Periodic and thorough security audits and analysis of the infrastructure will ensure that everything keeps working properly.
The author is CTO, SecureKloud Technologies.